EduGeek.net - Zero Day Windows LNK Exploit

Sections
News
Recent Jobs

Summer Rollouts are here - 2-3 month installation projects available - £150-180 neg

Beginning early to mid July, may even be suitable for those on term time only or sabbaticals who can get away to gain more experience

Senior

IT Techician Leeds

http://jobs.leeds.gov.uk/jobdetails.aspx/7194/ICT_Technician_

Head of ICT and Academy ICT Co-ordinator in Northants - Hurry end date near

Just saw this on the TES site:
Head of ICT and Academy ICT Co-ordinator, Northamptonshire - TES Jobs

Expires on 28th May.

ICT Network Support Technician - North Bristol

Spotted this in the local vacancy bulletin:

ICT Network Support Technician

To support the maintenance and development of

Federation IT Helpdesk Technician and Web Manager - London

Haberdashers’ Aske’s Federation
Pepys Road, New Cross, SE14 5SF
Location: New Cross, London Borough of Lewisham
Start

IT Assistant / Technician - Headington Oxford

I am posting this here before it goes live on the school website - the salary level will be confirmed on the school site once the ad is published - probably

Zero Day Windows LNK Exploit

by
CAM

Published on 28th July 2010 01:13 AM

5 Comments

UPDATE: Microsoft have released a patch to fix the vulnerability here. Remove any temporary workaround provided by antivirus companies before installing it. Thanks to ajbritton and Arthur for the heads up.

Sophos have released a tool to block the CPLINK exploit present in all versions of the Windows Operating Ssytem from XP onwards. The exploit utilises compromised .LNK files (AKA shortcuts) to run potentially malicious code on a system by merely viewing the icon of the shortcut in a folder, network share or WebDAV folder.

The Sophos tool is available here but no patch is currently available from Microsoft to close the exploit.

Further information is available from MS Security Advisory 2286198.
5 Comments
ajbritton - 28th July 2010, 07:14 AM

Reply

According to Enterprise Security Today | Free Tools Can Fix Windows Shortcut Vulnerability, there is also a free tool from G Data

CAM - 28th July 2010, 10:08 AM

Reply

Thanks AJ. I didn't spot the GData solution.

ajbritton - 31st July 2010, 06:58 PM

Reply

Microsoft will be patching this next week...

Stuxnet, malicious .LNKs, ...and then there was Sality - Microsoft Malware Protection Center - Site Home - TechNet Blogs

Arthur - 2nd August 2010, 11:29 PM

Reply

The patches have now been released...

Microsoft Security Bulletin MS10-046 - Critical: Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)

ajbritton - 3rd August 2010, 08:28 AM

Reply

Sophos have noted that their protection should tool should be removed before installing the MS patch.
vBulletin Message

Cancel Changes

Recent Posts

BBC News mistakes Halo UNSC logo for UN

ROFL!!!!!!!

Source: BBC News mistakes Halo UNSC logo for UN • News • Xbox 360 • Eurogamer.net
ZeroHour Today, 02:30 AM

The French Ban SatNavs with Speed Camera Databases!

Very useful to know! Will pass it on to a friend.
This explains why Nokia Drive doesn't have them in it.
ZeroHour Today, 01:00 AM

What software for teacher workstations for windows 7 use

the snipping tool is the one thing i will happily thank MS for they can do some stupid things at times but the snipping tool has saved me hours in putting
mdench Today, 12:32 AM

The French Ban SatNavs with Speed Camera Databases!

I so read that first post as crepes not cripes. Imagine my disappointment.
My car has satnav in it, it's a navteq maps satnav, i think the head
michael2k6 Today, 12:23 AM

IT Technician - York

Well I can tell you what I know from a year ago.

I know it's been through a few changes. But if he has any q's let me know.
DanW Today, 12:17 AM

Summer Rollouts are here - 2-3 month installation projects available - £150-180 neg

Will,

I'd be interested in a short term (1-2 Week) roles if you have any coming up in London?
DanW Today, 12:16 AM
Recent Blog Posts

Assessment for Learning (AfL)

To what extent has the implementation of Assessment for Learning (AfL) strategies had any significant impact on a group of learners and what are the issues, (if any), surrounding the effective...
BWaring 25th May 2012 02:06 PM

Follow EduGeek on Twitter